CLAIMS: 

We claim: 

1 . A systems administration policy enforcement method comprising the steps of: 
responsive to a request to perform an administrative task directed to a resource 

within a computing networl<, retrieving an administration policy comprising a set of rules 
for governing said administrative task, further retrieving state data for said resource and 
applying said retrieved policy to said retrieved state data; and, 

permitting said administrative task only if said further retrieved state data satisfies 
said set of rules in said retrieved policy. 

2. The method of claim 1 , further comprising the steps of: 

providing a user interface for establishing said set of rules for said administration 
policy; and, 

storing said administration policy for subsequent retrieval in said retrieving step. 

3. The method of claim 1 , further comprising the steps of: 

yet further retrieving environmental information for the computing network; and, 
further permitting said administrative task only if said yet further retrieved 
environmental data satisfies said set of rules in said retrieved policy. 
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4. The method of claim 1 , wherein said step of further retrieving said state data, 
comprises retrieving state data both for said resource and also for other related 
resources in said computing network. 

5. The method of claim 1 , further comprising the steps of: 

disallowing said administrative task if said further retrieved state data fails to 
satisfy said set of rules in said retrieved policy; 

identifying a related resource having a related resource state giving rise to said 
state data for said resource failing to satisfy said set of rules in said retrieved policy; 

requesting remediation of said related resource state so that said related 
resource state satisfies said set of rules in said retrieved policy; and, 

further permitting said administrative task subsequent to a remediation of said 
related resource state. 

6. The method of claim 5, wherein said steps of disallowing, identifying, requesting 
and further permitting are performed autonomically. 

7. The method of claim 5, wherein said steps of disallowing, identifying, requesting 
and further permitting are performed recursively for each related resource whose state 
gives rise to a failure of said resource to satisfy said retrieved policy. 
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8. The method of claim 1 , further comprising the step of inserting an exit routine in 
an administration console of said resource, said exit routine having a configuration for 
foHA/arding requests to administer said resource to a policy evaluation component 
programmed to perform said steps of retrieving, further retrieving, applying and 
permitting. 

9. A system administration policy enforcement system comprising: 

an administration policy comprising a set of rules for permitting and disallowing 
administration of resources in a system hosting a plurality of interdependent resources; 

a policy evaluation component configured to retrieve resource state data and 
determine whether said retrieved resource state data satisfies said set of rules in said 
administration policy; and, 

an exit routine coupled to a resource in said network, said exit routine having 
logic for forwarding requests to administer said resource to said policy evaluation 
component. 

1 0. The system of claim 9, further comprising a rules engine coupled to said policy 
evaluation component and configured to retrieve said set of rules on behalf of said 
policy evaluation component. 
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11. A machine readable storage having stored thereon a computer program for 
enforcing a systems administration policy, said computer program comprising a routine 
set of instructions for causing the machine to perform the steps of: 

responsive to a request to perform an administrative task directed to a resource 
within a computing network, retrieving an administration policy comprising a set of rules 
for governing said administrative task, further retrieving state data for said resource, and 
applying said retrieved policy to said retrieved state data; and, 

permitting said administrative task only if said further retrieved state data satisfies 
said set of rules in said retrieved policy. 

12. The machine readable storage of claim 1 1 , further comprising the steps of: 
providing a user interface for establishing said set of rules for said administration 

policy; and, 

storing said administration policy for subsequent retrieval in said retrieving step. 

13. The machine readable storage of claim 1 1 , further comprising the steps of: 

yet further retrieving environmental information for the computing network; and, 
further permitting said administrative task only if said yet further retrieved 
environmental data satisfies said set of rules in said retrieved policy. 
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14. The machine readable storage of claim 1 1 , wherein said step of further retrieving 
said state data, comprises retrieving state data both for said resource and also for other 
related resources in said computing network. 

1 5. The machine readable storage of claim 1 1 , further comprising the steps of: 
disallowing said administrative task if said further retrieved state data fails to 

satisfy said set of rules in said retrieved policy; 

identifying a related resource having a related resource state giving rise to said 
state data for said resource failing to satisfy said set of rules in said retrieved policy; 

requesting remediation of said related resource state so that said related 
resource state satisfies said set of rules in said retrieved policy; and, 

further permitting said administrative task subsequent to a remediation of said 
related resource state. 

1 6. The machine readable storage of claim 1 5, wherein said steps of disallowing, 
identifying, requesting and further permitting are performed autonomically. 

1 7. The machine readable storage of claim 1 5, wherein said steps of disallowing, 
identifying, requesting and further permitting are performed recursively for each related 
resource whose state gives rise to a failure of said resource to satisfy said retrieved 
policy. 
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1 8. The machine readable storage of claim 1 1 , further comprising the step of 
inserting an exit routine in an administration console of said resource, said exit routine 
having a configuration for forwarding requests to administer said resource to a policy 
evaluation component programmed to perfonn said steps of retrieving, further retrieving, 
applying and permitting. 
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